Ads are annoying and most of us have some ad-blocker installed in our browsers – if you have used one of the adblockers mentioned below, then it is very likely that your personal information has been stolen.

Chrome's Web Store is full of expansions that provide user data and factory devices with malware to damage system resources. In addition, these extensions can monitor each browsing session and track which websites you visit, including your passwords.

More than 20 million users

Adjuders Andrey Meshkov made this discovery and found five ads blockers with malicious lines of code in it. These adblockers copied names and keywords from some of the popular ad blocking extensions to appear in the search results. These extensions were used by more than 20 million users before Google removed them from the system.

These are the malicious and dangerous extensions

uBlock Plus

HD for YouTube

Webutation

AdRemover for Google Chrome

Adblock Pro

AdRemover for Google Chrome had more than 10 million users, uBlock Plus had 8 million and Adblock Pro had more than 2 million. All the above extensions have extracted user data and are now removed from the Chrome Web Store.

ALSO READ

Google Chrome Web Store can no longer use Crypto My Extensions

How they worked

Apparently they sent extensions user data back to a remote server at each browsing session. This remote server sent commands to the extension that is running in the user's browser and that could control the extension and verify user data. Meshkov says,

These commands are scripts that are then executed in the privileged context (background page of the extension) and can change the behavior of your browser in any way.

In short, this is a botnet that is composed of browsers that are infected with the false Adblock extensions. The browser does what the command center server owner instructs it to do.